Issues with using NginX on separate server


#1

I set up Jitsi on a Debian 9 VM in our colo with no problems following your video guide.

The UDP ports are forwarded directly through the router to the Jitsi VM, but port 443 is pointing to an NginX reverse proxy on another VM.

I can hit my server and join a room from the default landing page.

Video starts and I get the moderator privileges pop-up.

Then a few seconds later it drops and says reconnecting.

It will reconnect and then the cycle repeats.

I do not have a free public IP to dedicate to Jitsi. Ports 80 & 443 have to go to the existing proxy first.

Here is my current NginX config. I am unable to find any examples of what options I need to use in the location block to assist.

server {
    server_name scry.mydomain.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/scry.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scry.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.104;
        proxy_redirect off;
    }
}


server {
    server_name scry.mydomain.com;
    listen 80;
    return 301 https://$host$request_uri;
}

#2

The Jitsi instance is using a self-signed certificate; the NginX server is doing the valid SSL certificate from Let’s Encrypt.

I tweaked the configuration file to this, and I can stay connected for hours by myself, but as soon as a second person tries to join the room it fails:

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://10.254.0.104;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

#3

I also followed the same installation instructions and installed a test server on a Vultr (vultr.com) instance.

That instance works perfectly. So I know I followed the instructions correctly.

I wiped and reinstalled my colo instance to be sure. The results are the same.

So I feel it is simply something I need to handle with the reverse proxy, but I have no idea where to look.


#4

What does the JavaScript console say?


#5

Where is the instruction for accessing that?

Watching the log files, I saw this in jicofo.log

# my desktop joined successfully.
Jicofo 2018-11-16 13:54:34.814 INFO: [55] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().402 Focus request for room: testroom@conference.scry.mydomain.com
Jicofo 2018-11-16 13:54:34.814 INFO: [55] org.jitsi.jicofo.FocusManager.log() Created new focus for testroom@conference.scry.mydomain.com@auth.scry.mydomain.com. Conference count 1,options: 
Jicofo 2018-11-16 13:54:34.814 INFO: [55] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Lip-sync enabled in testroom@conference.scry.mydomain.com
Jicofo 2018-11-16 13:54:34.814 INFO: [55] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Joining the room: testroom@conference.scry.mydomain.com
Jicofo 2018-11-16 13:54:35.000 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@594402c9 member=ChatMember[testroom@conference.scry.mydomain.com/2c064cae, jid: null]@603887075]
Jicofo 2018-11-16 13:54:35.002 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Granted owner to testroom@conference.scry.mydomain.com/2c064cae
Jicofo 2018-11-16 13:54:35.002 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member testroom@conference.scry.mydomain.com/2c064cae joined.
Jicofo 2018-11-16 13:55:18.592 INFO: [80] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().402 Focus request for room: testroom@conference.scry.mydomain.com
# my laptop attempted to join here.
Jicofo 2018-11-16 13:55:27.833 INFO: [47] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().402 Focus request for room: testroom@conference.scry.mydomain.com
Jicofo 2018-11-16 13:55:27.913 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@594402c9 member=ChatMember[testroom@conference.scry.mydomain.com/20dc84e2, jid: null]@1949834708]
Jicofo 2018-11-16 13:55:27.914 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member testroom@conference.scry.mydomain.com/20dc84e2 joined.
Jicofo 2018-11-16 13:55:27.914 SEVERE: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant -- no bridge available.
Jicofo 2018-11-16 13:55:27.914 SEVERE: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Can not invite participant -- no bridge available.
Jicofo 2018-11-16 13:55:28.292 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberLeft sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@594402c9 member=ChatMember[testroom@conference.scry.mydomain.com/2c064cae, jid: 2c064cae-70c6-4a49-b3c5-9cc43fc3303e@scry.mydomain.com/8c3b0f90-5181-4b9d-ab27-ca44eb273616]@603887075]
Jicofo 2018-11-16 13:55:28.292 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Owner has left the room !
Jicofo 2018-11-16 13:55:28.294 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Granted owner to testroom@conference.scry.mydomain.com/20dc84e2
Jicofo 2018-11-16 13:55:28.294 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member testroom@conference.scry.mydomain.com/2c064cae is leaving
Jicofo 2018-11-16 13:55:28.294 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Removed participant: true, testroom@conference.scry.mydomain.com/2c064cae
Jicofo 2018-11-16 13:55:29.182 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberLeft sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@594402c9 member=ChatMember[testroom@conference.scry.mydomain.com/20dc84e2, jid: 20dc84e2-05a6-4007-927a-077da6c7b6f6@scry.mydomain.com/694495ac-6022-4687-9138-be0c6ee678d0]@1949834708]
Jicofo 2018-11-16 13:55:29.182 INFO: [37] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Owner has left the room !
Jicofo 2018-11-16 13:55:29.182 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member testroom@conference.scry.mydomain.com/20dc84e2 is leaving
Jicofo 2018-11-16 13:55:29.183 INFO: [37] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Removed participant: true, testroom@conference.scry.mydomain.com/20dc84e2
Jicofo 2018-11-16 13:55:29.187 INFO: [37] org.jitsi.jicofo.FocusManager.log() Disposed conference for room: testroom@conference.scry.mydomain.com conference count: 0



#6

Where is the instruction for accessing that?

F12 on your browser (the client)

My setup is similar to yours but behind the reverse proxy I’m all http, no encryption.


#7
[modules/browser/BrowserCapabilities.js] <t>:  This appears to be firefox, ver: 63.0 lib-jitsi-meet.min.js:2:151169
[react/index.web.js] <>:  (TIME) document ready:	 1701 Logger.js:124
[react/features/base/storage/PersistenceRegistry.js] <value>:  redux state rehydrated as 
Object { "features/base/settings": {…}, "features/dropbox": {}, "features/recent-list": (4) […], "features/welcome": {}, "features/video-layout": {}, "features/base/known-domains": (7) […] }
Logger.js:124
[modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:124
[JitsiMeetJS.js] <init>:  Analytics disabled, disposing. lib-jitsi-meet.min.js:2:151169
[modules/statistics/AnalyticsAdapter.js] <value>:  Disposing of analytics adapter. lib-jitsi-meet.min.js:2:151169
[react/features/base/media/middleware.js] <>:  Start muted: Logger.js:124
[react/features/base/media/middleware.js] <>:  Start audio only set to false Logger.js:124
[react/features/base/conference/middleware.js] <>:  Audio-only disabled Logger.js:124
[modules/RTC/RTCUtils.js] <value>:  Using the new gUM flow lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  P2P STUN servers:  
Array(3) [ {…}, {…}, {…} ]
lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connecting:	 1878 lib-jitsi-meet.min.js:2:151169
[modules/RTC/RTCUtils.js] <value/r<>:  Got media constraints:  
Object { video: {…}, audio: {…} }
lib-jitsi-meet.min.js:2:151169
[modules/RTC/RTCUtils.js] <value/<>:  Available devices:  
Array(6) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
lib-jitsi-meet.min.js:2:151169
[modules/RTC/RTCUtils.js] <value/</<>:  onUserMediaSuccess lib-jitsi-meet.min.js:2:151169
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {63b4d92e-8ea1-4420-8e8d-b546013f8bf4} {b1449186-3d5e-4b0c-a443-18be12490011} on LocalTrack[undefined,audio] lib-jitsi-meet.min.js:2:151169
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {3ff2f022-323e-4e6c-b689-20376deba9b7} {c836141d-d283-464f-bd68-5ba4cfe00613} on LocalTrack[undefined,video] lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connected:	 2897 lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  My Jabber ID: b8692608-d037-4204-8ce5-0c3e5954417f@scry.mydomain.com/e56b7700-96df-45be-b428-a9346783db79 lib-jitsi-meet.min.js:2:151169
[conference.js] <init/<>:  initialized with 2 local tracks Logger.js:124
[modules/xmpp/ChatRoom.js] <t>:  Joined MUC as testroom2@conference.scry.mydomain.com/b8692608 lib-jitsi-meet.min.js:2:151169
[modules/e2eping/e2eping.js] <e>:  Initializing e2e ping; pingInterval=10000, analyticsInterval=60000. lib-jitsi-meet.min.js:2:151169
[modules/connectivity/ParticipantConnectionStatus.js] <e>:  RtcMuteTimeout set to: 2000 lib-jitsi-meet.min.js:2:151169
[modules/statistics/AvgRTPStatsReporter.js] <e>:  Avg RTP stats will be calculated every 15 samples lib-jitsi-meet.min.js:2:151169
[JitsiConference.js] <i>:  backToP2PDelay: 5 lib-jitsi-meet.min.js:2:151169
[modules/videosipgw/VideoSIPGW.js] <e>:  creating VideoSIPGW lib-jitsi-meet.min.js:2:151169
[JitsiConference.js] <i.prototype._doReplaceTrack>:  _doReplaceTrack - no JVB JingleSession lib-jitsi-meet.min.js:2:151169
[JitsiConference.js] <i.prototype._doReplaceTrack>:  _doReplaceTrack - no P2P JingleSession lib-jitsi-meet.min.js:2:151169
[JitsiConference.js] <i.prototype._doReplaceTrack>:  _doReplaceTrack - no JVB JingleSession lib-jitsi-meet.min.js:2:151169
[JitsiConference.js] <i.prototype._doReplaceTrack>:  _doReplaceTrack - no P2P JingleSession lib-jitsi-meet.min.js:2:151169
[modules/remotecontrol/RemoteControl.js] <value>:  Initializing remote control. Logger.js:124
[modules/xmpp/moderator.js] <i.prototype.setFocusUserJid>:  Focus jid set to:  undefined lib-jitsi-meet.min.js:2:151169
[modules/xmpp/moderator.js] <i.prototype.createConferenceIq>:  Session ID: null machine UID: f69c258a33621ebbfa0a0bc66bc34470 lib-jitsi-meet.min.js:2:151169
[react/features/base/tracks/actions.js] <t.c/</</<>:  Replace audio track - unmuted Logger.js:124
[react/features/base/tracks/actions.js] <t.c/</</<>:  Replace video track - unmuted Logger.js:124
[conference.js] <updateAudioIconEnabled>:  Microphone button enabled: true local audio: LocalTrack[1,audio] audio devices:  device count: 0 Logger.js:124
[conference.js] <updateVideoIconEnabled>:  Camera button enabled: true local video: LocalTrack[2,video] video devices:  device count: 0 Logger.js:124
[conference.js] <updateAudioIconEnabled>:  Microphone button enabled: true local audio: LocalTrack[1,audio] audio devices: [object MediaDeviceInfo],[object MediaDeviceInfo],[object MediaDeviceInfo],[object MediaDeviceInfo] device count: 4 Logger.js:124
[conference.js] <updateVideoIconEnabled>:  Camera button enabled: true local video: LocalTrack[2,video] video devices: [object MediaDeviceInfo],[object MediaDeviceInfo] device count: 2 Logger.js:124
[modules/xmpp/strophe.ping.js] <value>:  XMPP pings will be sent every 10000 ms lib-jitsi-meet.min.js:2:151169
[conference.js] <updateVideoIconEnabled>:  Camera button enabled: true local video: LocalTrack[2,video] video devices: [object MediaDeviceInfo],[object MediaDeviceInfo] device count: 2 Logger.js:124
[modules/xmpp/moderator.js] <i.prototype.setFocusUserJid>:  Focus jid set to:  focus@auth.scry.mydomain.com lib-jitsi-meet.min.js:2:151169
[modules/xmpp/moderator.js] <i.prototype.parseConfigOptions>:  Authentication enabled: false lib-jitsi-meet.min.js:2:151169
[modules/xmpp/moderator.js] <i.prototype.parseConfigOptions>:  External authentication enabled: false lib-jitsi-meet.min.js:2:151169
[modules/xmpp/moderator.js] <i.prototype.parseConfigOptions>:  Sip gateway enabled:  false lib-jitsi-meet.min.js:2:151169
[modules/xmpp/ChatRoom.js] <value>:  entered testroom2@conference.scry.mydomain.com/focus 
Object { affiliation: "owner", role: "moderator", jid: "focus@auth.scry.mydomain.com/focus9654505300", isFocus: true, isHiddenDomain: false }
lib-jitsi-meet.min.js:2:151169
[modules/xmpp/ChatRoom.js] <value>:  Ignore focus: testroom2@conference.scry.mydomain.com/focus, real JID: focus@auth.scry.mydomain.com/focus9654505300 lib-jitsi-meet.min.js:2:151169
[modules/version/ComponentsVersions.js] <r.prototype.processPresence/<>:  Got xmpp version: Prosody(0.9.12,Linux) lib-jitsi-meet.min.js:2:151169
[modules/version/ComponentsVersions.js] <r.prototype.processPresence/<>:  Got focus version: JiCoFo(1.0.1.0-440,Linux) lib-jitsi-meet.min.js:2:151169
[conference.js] <_setupListeners/<>:  My role changed, new role: none Logger.js:124
[JitsiConference.js] <i.prototype._maybeStartOrStopP2P>:  Auto P2P disabled lib-jitsi-meet.min.js:2:151169
[modules/xmpp/ChatRoom.js] <value>:  (TIME) MUC joined:	 3337 lib-jitsi-meet.min.js:2:151169
[conference.js] <_setupListeners/<>:  My role changed, new role: moderator Logger.js:124
[JitsiConference.js] <i.prototype._maybeStartOrStopP2P>:  Auto P2P disabled lib-jitsi-meet.min.js:2:151169
[modules/UI/videolayout/LargeVideoManager.js] <value/<>:  hover in %s b8692608 Logger.js:124
[react/features/base/storage/PersistenceRegistry.js] <value>:  redux state persisted. e5f66ad3e9fa188764585c36adbbee52 -> cf6ba892d318febec800c2934a6105d0 Logger.js:124
[modules/xmpp/ChatRoom.js] <value>:  entered testroom2@conference.scry.mydomain.com/04d84c8c 
Object { affiliation: "none", role: "participant", jid: "04d84c8c-574a-40b2-9343-ea807d6a9113@scry.mydomain.com/facd25a3-ea88-4787-9ffe-4ecf472737b4", isFocus: false, isHiddenDomain: false, nick: undefined }
lib-jitsi-meet.min.js:2:151169
[modules/UI/videolayout/RemoteVideo.js] <r.prototype.updateConnectionStatusIndicator>:  04d84c8c thumbnail connection status: active
Logger.js:124
[conference.js] <_setupListeners/<>:  USER 04d84c8c connnected: 
Object { _jid: "testroom2@conference.scry.mydomain.com/04d84c8c", _id: "04d84c8c", _conference: {…}, _displayName: undefined, _supportsDTMF: false, _tracks: [], _role: "participant", _status: undefined, _hidden: false, _statsID: undefined, … }
Logger.js:124
[JitsiConference.js] <i.prototype._maybeStartOrStopP2P>:  Auto P2P disabled lib-jitsi-meet.min.js:2:151169
[modules/xmpp/ChatRoom.js] <value>:  Ignore focus: testroom2@conference.scry.mydomain.com/focus, real JID: focus@auth.scry.mydomain.com/focus9654505300 lib-jitsi-meet.min.js:2:151169
[react/features/overlay/components/AbstractPageReloadOverlay.js] <value>:  The conference will be reloaded after 25 seconds. Logger.js:124
[modules/UI/videolayout/VideoLayout.js] <removeParticipantContainer>:  Removing remote video: 04d84c8c Logger.js:124
[modules/UI/videolayout/RemoteVideo.js] <r.prototype.remove>:  Remove thumbnail 04d84c8c Logger.js:124
[conference.js] <value>:  CONFERENCE FAILED: conference.videobridgeNotAvailable Logger.js:124
[modules/rttmonitor/rttmonitor.js] <value>:  Stopping RttMonitor. lib-jitsi-meet.min.js:2:151169
[modules/e2eping/e2eping.js] <value>:  Stopping e2eping lib-jitsi-meet.min.js:2:151169
[modules/xmpp/ChatRoom.js] <value>:  do leave testroom2@conference.scry.mydomain.com/b8692608 lib-jitsi-meet.min.js:2:151169
[modules/RTC/RTC.js] <value>:  Removed remote tracks for 04d84c8c count: 0 lib-jitsi-meet.min.js:2:151169
[modules/UI/videolayout/VideoLayout.js] <removeParticipantContainer>:  No remote video for 04d84c8c Logger.js:124
[conference.js] <_setupListeners/<>:  USER 04d84c8c LEFT: 
Object { _jid: "testroom2@conference.scry.mydomain.com/04d84c8c", _id: "04d84c8c", _conference: {…}, _displayName: undefined, _supportsDTMF: false, _tracks: [], _role: "participant", _status: undefined, _hidden: false, _statsID: undefined, … }
Logger.js:124
[JitsiConference.js] <i.prototype._maybeStartOrStopP2P>:  Auto P2P disabled lib-jitsi-meet.min.js:2:151169
[modules/xmpp/moderator.js] <i.prototype.onMucMemberLeft>:  Someone left is it focus ? testroom2@conference.scry.mydomain.com/04d84c8c lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe disconnecting:	 40703 lib-jitsi-meet.min.js:2:151169
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe disconnected:	 41000 lib-jitsi-meet.min.js:2:151169
[modules/xmpp/strophe.ping.js] <value>:  Ping interval cleared lib-jitsi-meet.min.js:2:151169
[react/features/base/storage/PersistenceRegistry.js] <value>:  redux state persisted. cf6ba892d318febec800c2934a6105d0 -> 409498eb1ff92f60a5548b3f4a93cf25 Logger.js:124
[react/features/app/actions.js] <t.c/<>:  Reloading the conference using URL: https://scry.mydomain.com/testroom2

#8

Thanks, posted.

Are you using NginX for it? If so, can you post your redacted conf file?


#9

I have my reverse proxy with ip .13, my xmpp/prosody with ip .10, my jitsi (jicofo/videobridge) with ip .15

I think your problem is not there.

server {
    listen 80;
    listen 443 ssl;
    server_name jitsi.mydomain.org auth.jitsi.mydomain.org conference.mydomain.org jitsi-meet.mydomain.org conference.jitsi.mydomain.org focus.jitsi.mydomain.org;

    location / {
        ssi on;
        proxy_pass http://10.1.1.15/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # BOSH
    location /http-bind {
        proxy_pass http://10.1.1.10:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass              http://10.1.1.10:5280/xmpp-websocket;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        Host $host;
        tcp_nodelay             on;
    }
}

I’m still installing Jitsi; once everything works I might clean some stuff.


#10

I installed the full package via the Debian apt repo. When I ran into issues, I repeated the process and then even installed on a VPS instance as noted.

Here is a link to where I posted my process.

The VPS works perfectly.

The one in the colo behind NginX does not.


#11

I don’t know what to say.

I installed it on OpenBSD; there’s no installer, everything by hand and a lot of debug to understand how things articulate.

The only thing I can tell you is to look at the logs, do network captures, look at the prosody logs.

I can tell you something if I see an error message that I already met.


#12

@sorvani “no bridge available”, you can see this in jicofo and client logs. Apparently there is no jvb. Check jvb logs for errors.


#13

That is not the problem. As soon as I saw the config from @Mikygee using port 5280, I added that to the inbound firewall allow and I had a session.

I was able to have my laptop and desktop both join and talk. I asked others to join and still issues. They could connect, but they were always muted and not seeing my video, nor me them.

So there are obviously (to me) more things that need properly redirected when NginX is external to the Jitsi instance.

Those firewall rules are not needed on the public instance because there is no external proxy. Nothing is “coming in” on those internal connections because it is all internal to the server itself.


#14

Did you see that network diagram?
Because you need to open other ports. Did you do it?


#15

Is your jvb running behind nat? Have you checked this, the ports part: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration


#16

I had, but not this last time after reinstalling clean and updating the proxy with @Mikygee’s config. I forgot about it because it did not help the original problem caused by the missing NginX bits.


#17

Reinstalled clean. Added the NAT setting. Used the NginX config from @Mikygee.

I seem to have it all working.

80/443 routing to Nginx VM (10.254.0.22)
10000:20000 routing to Jitsi VM (10.254.0.104)

Jitsi VM firewall has allow for 22/80/443/5280 on TCP and 10000:20000/udp

Nginx Reverse Proxy routing /http-bind and /xmpp-websocket to port 5280

server {
    server_name scry.mydomain.com;  
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/scry.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scry.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        ssi on;
        proxy_pass https://10.254.0.104/;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
    # BOSH
    location /http-bind {
        proxy_pass http://10.254.0.104:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass              http://10.254.0.104:5280/xmpp-websocket;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        Host $host;
        tcp_nodelay             on;
    }
}
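
An added example, not part of the thread and not Jitsi's own tooling: a Python check that a reverse-proxy config contains the two routes post #17 sends to port 5280, run on trimmed copies of the configs from posts #1 and #17. The function names and the regex-based parsing (plain prefix locations, no nesting, no `#` inside values) are assumptions made for this example.

```python
import re

# Constructed inputs, trimmed from the configs in posts #1 and #17.
FIRST_CONF = """
server {
    listen 443 ssl; # managed by Certbot
    location / {
        proxy_set_header Host $http_host;
        proxy_pass https://10.254.0.104;
    }
}
"""
FINAL_CONF = """
server {
    listen 443 ssl; # managed by Certbot
    location / {
        proxy_pass https://10.254.0.104/;
    }
    # BOSH
    location /http-bind {
        proxy_pass http://10.254.0.104:5280/http-bind;
    }
    # xmpp websockets
    location /xmpp-websocket {
        proxy_pass http://10.254.0.104:5280/xmpp-websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

# Routes post #17 sends to port 5280; True marks the one that also needs
# the WebSocket upgrade directives.
REQUIRED = {"/http-bind": False, "/xmpp-websocket": True}
LOCATION_RE = re.compile(r"location\s+(\S+)\s*\{([^{}]*)\}")


def parse_locations(conf):
    """Return {path: [[directive, arg, ...], ...]} for each location block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    return {
        path: [stmt.split() for stmt in body.split(";") if stmt.strip()]
        for path, body in LOCATION_RE.findall(conf)
    }


def audit(conf, port="5280"):
    """List what is missing for the BOSH and WebSocket routes."""
    findings = []
    locations = parse_locations(conf)
    for path, needs_upgrade in REQUIRED.items():
        directives = locations.get(path)
        if directives is None:
            findings.append(f"{path}: no location block, handled by 'location /'")
            continue
        targets = [d[1] for d in directives if d[0] == "proxy_pass" and len(d) > 1]
        if not any(f":{port}/" in t for t in targets):
            findings.append(f"{path}: proxy_pass does not target port {port}")
        if needs_upgrade:
            if ["proxy_http_version", "1.1"] not in directives:
                findings.append(f"{path}: proxy_http_version 1.1 not set")
            headers = {d[1].lower(): d[2] for d in directives
                       if d[0] == "proxy_set_header" and len(d) == 3}
            if headers.get("upgrade") != "$http_upgrade":
                findings.append(f"{path}: Upgrade header not forwarded")
            if headers.get("connection", "").strip('"').lower() != "upgrade":
                findings.append(f"{path}: Connection header is not 'upgrade'")
    return findings


if __name__ == "__main__":
    for name, conf in (("post #1", FIRST_CONF), ("post #17", FINAL_CONF)):
        print(name, audit(conf) or "ok")
```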